cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
ubezio
Level 7
Report Inappropriate Content
Message 1 of 4

how submit a file with icap in reqmod via http post

I tried to to submit a file (a Word File .docx) to DLPe to check whether it contains sensitive data. I cannot figure how add the file as an attachment. Now I'm only able to put the byte in the header. This is not useful because DLP does not decode the content (and probably the file cannot be longer than 14 KB: the max length of the header). To reach the point I submitted a multipart request, but it seems that this is not properly working. Is there a working example?

Thank for your attention.

3 Replies
ubezio
Level 7
Report Inappropriate Content
Message 2 of 4

Re: how submit a file with icap in reqmod via http post

... just to be more clear, now if I send

REQMOD icap://xxx.xxx.xxx.xxx/reqmod ICAP/1.0

Host: xxx.xxx.xxx.xxx

Encapsulated: req-hdr=0, req-body=150

POST /read.txt HTTP/1.1

Host: abcde.abcde.fg

Accept: text/html, text/plain

Accept-Encoding: compress

Pragma: no-cache

Transfer-Encoding: chunked

1E

some text here to send: abcdef

0; ieof

I receive the following answers, which are fine for this case (I have a rule on DLP that check on the content). But no way to insert a real attachment.

* This is the ICAP RESPONSE:

ICAP/1.0 200 OK

Date: Fri, 04 Dec 2015 09:08:09 GMT

Server: McAfee ICAP Server/1.0

Connection: keep-alive

ISTag: "McAfee-xxxxxx-xxxx-xxxxxxx"

Encapsulated: res-hdr=0, res-body=251

* This is the HTTP RESPONSE:

HTTP/1.1 403 Forbidden

Date: Fri, 04 Dec 2015 09:08:09 GMT

Via: ICAP/1.0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:1344

Server: McAfee Prevent-8.5.1 (Stingray)

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html; charset=iso-8859-1

48C

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>

  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  <meta http-equiv="Content-Style-Type" content="text/css">

  <title></title>

  <meta name="Generator" content="Cocoa HTML Writer">

  <meta name="CocoaVersion" content="824.41">

  <style type="text/css">

    p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 30.0px Helvetica}

    p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 30.0px Helvetica; min-height: 36.0px}

    p.p3 {margin: 0.0px 0.0px 0.0px 0.0px; font: 17.0px Helvetica}

    p.p4 {margin: 0.0px 0.0px 0.0px 0.0px; font: 17.0px Helvetica; min-height: 20.0px}

    p.p5 {margin: 0.0px 0.0px 0.0px 0.0px; font: 15.0px Helvetica}

  </style>

</head>

<body>

<p class="p1">Request Denied</p>

<p class="p2"><br></p>

<p class="p3">Access to this content/URL is prohibited. Please contact your System Administrator for details.</p>

<p class="p4"><br></p>

<p class="p3">This transaction has been logged for security reasons.</p>

<p class="p4"><br></p>

<p class="p5"><i>Generated by McAfee NetDLP, Content Scanning Service.</i></p>

</body>

</html>

0

McAfee Employee jhall2
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: how submit a file with icap in reqmod via http post

An easier method is to transfer the file to the /tmp directory on the DLP appliance and run this command from the CLI:

classify filename.xxx

ubezio
Level 7
Report Inappropriate Content
Message 4 of 4

Re: how submit a file with icap in reqmod via http post

... probably this works very well, but it is not really useful if you want an application to application integration ...

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community